[Pkg-mediawiki-devel] Bug#750527: mediawiki: Javascript inject by anonymous users on private wikis with $wgRawHtml enabled

Salvatore Bonaccorso carnil at debian.org
Wed Jun 11 16:42:55 UTC 2014


Source: mediawiki
Source-Version: 1:1.19.16+dfsg-1

On Wed, Jun 04, 2014 at 09:59:39AM +0300, Henri Salo wrote:
> Package: mediawiki
> Version: 1:1.19.15+dfsg-2
> Severity: normal
> Tags: security, fixed-upstream
> 
> Needs wgRawHTML enabled so this may not be easy to exploit and might not be
> affected by default.
> 
> Details of the issue: https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
> CVE request: http://www.openwall.com/lists/oss-security/2014/06/03/7

This was fixed with the recent mediawiki 1:1.19.16+dfsg-1 upload to
unstable.

Regards,
Salvatore


